Historic

glFTPd stands for GreyLine File Transfer Protocol Daemon and was named after the initial developer GreyLine. The first public release of glFTPd dates back to the beginning 1998. glFTPd is well known for its detailed user permissions, extensive scripting features, extensive configurabillity and for securely and efficiently transferring files between other sites using FXP. glFTPd has often been used on topsites for distribution of warez.

While development was stopped and the latest stable version of glFTPd dates from 2005-12-25, glFTPd is still widely respected and used for its secure nature. The official website has been closed but pzs-ng programmers have continued mirroring glftpd on their glFTPd.dk website.

Installation

glFTPd comes with a well thought through installation script that will automatically create the required system groups, configure the most basic options and set-up /jail if you want to.

TCDP Setup

TCPD SETUP
Do you wish to use tcpd? If you are not sure then you should not
use it. If you decided to change this at a later time, please
search for tcpd in glftpd.docs for the required changes.
Use tcpd? [Y]es [N]o: Y

JAIL Setup

A jailed setup will prevent normal system users from accessing the glftpd installation while at the same time prevent users with access to the glftpd server from accessing the rest of the system. This security feature is highly recommended, more detailed information on jailing is available on wikipedia.

We setup a private group for glftpd and add specific system users to this group, only these system users will have access to glftpd's configuration. If you choose to skip the creation of a private group root will be the only user with access to glftpd's configuration.

JAIL SETUP:
Do you want to run glftpd in a "Jailed" environment? In this
environment a private directory will be created and glftpd will
be installed inside. Regular shell users will not be able to get
inside this private directory. The glftpd.conf is also moved
inside for added security and a new group will be created so
you and other users you specify can access glftpd through the shell.
Use a jailed environment? [Y]es [N]o: Y
Creating the jailed environment.
Please enter the private directory to install glftpd inside [/jail]: /jail
Do you want to create a private group? If you say no then only root will
be able to access glftpd. Otherwise you can add other shell users to the
group so they can access glftpd from the shell.
Use a private group? [Y]es [No]: Y
What would you like your private group to be called? [glftpd]: glftpd
Creating private group . . . Done.
Who should have access to glftpd? (separate with ,): username
Setting permissions on /jail . . . Done.

SERVICE SETUP & MULTI-INSTALL

This section of the installation will allow you to setup multiple instances of glftpd on the same system, the default answer allows for a single instance of glftpd.

SERVICE SETUP & MULTI-INSTALL:
Enter a service name for glftpd. This name will be used as the
service name mapped to the port in /etc/services, the name
used in your (x)inetd settings, and the name of your config-file.
NOTE: If you (wish to) have multiple instances of glftpd on the
same box, you *must* to change this.
Press <enter> for the default (glftpd)> glftpd

PORT AND SYSTEM SETUP

The base port the FTP service will run on, make sure to pick a port not already in use by another service on your system. To create a list of ports currently in use on your system, use lsof:

# lsof -i

PORT AND SYSTEM SETUP:
Enter the port you would like glftpd to listen on [1337]: 1337
Setting userfile permissions . . .
Adding glftpd service to /etc/services (as glftpd) . .
Copying glftpd.conf to /jail/glftpd.conf . . .
Do you wish to use European weeks? European weeks starts with a Monday.
This is for glftpd's reset binary (see docs for more info) [Y/N]: Y

SSL/TLS SETUP

SSL or TLS encryption is available to encrypt the FTP login and data connections, this step will create a certificate inside the jail and set glftpd up to use this certificate. It is possible to use different certificates, this can be configured in glftpd.conf after installation has finished

SSL/TLS SETUP:
We will now create a certificate for SSL/TLS support. This step is
required.
Please specify a generic name for this certificate.
This can be any name but should say something about the ftp server
like the name for it perhaps (press enter for glftpd): glftpd
Please wait while creating certificate... (will take time!)
1024 semi-random bytes loaded
Generating DSA parameters, 1024 bit long prime
This could take some time
....... [snip] ++++++*
1024 semi-random bytes loaded
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
..... [snip] ++*
Generating DSA key, 1024 bits
Moving ftpd-dsa.pem to /jail/glftpd//etc . . . Done
-> IMPORTANT !!!!
-> If you get TLS errors of any kind, read instructions in README.TLS
-> included in this package!

STARTING GLFTPD

The script has now completed the configuration of your server and will now write the configuration to glftpd.conf and set the service up to be started.

FINISH

FINISH:
Congratulations, glFtpD has been installed. Scroll up and note any errors
that needs fixing. ./installgl.debug contains a log of the installation process.
To get your site running, you must edit \033[1m/jail/glftpd.conf\033[0m according to
the instructions in /jail/glftpd/docs/glftpd.docs.
For help, visit #glftpd on EFnet after you've read (not skimmed) the docs/faq.
After configuring glftpd, visit the following websites for additional
scripts to give your site some style!:
Turranius - http://www.grandis.nu/glftpd
Jehsoms - http://runslinux.net/http://www.chimera-coding.com
D-ViBEs collection - http://www.glftpd.at
The official glftpd homepage is located at http://www.glftpd.com
Thanks for your support!
the glFtpD team

Allowing access

xinetd

To start xinetd at boot, please add "xinetd" to the DAEMONS section of rc.conf:

/etc/rc.conf

DAEMONS=(syslog-ng network ... ... xinetd)

hosts.allow

By default, tcp_wrappers will deny any connection to the system from the outside. To allow people people to access the FTP server, please add the following to hosts.allow:

/etc/hosts.allow

glftpd: ALL

local testing

First, make sure you have xinetd running and have allowed access to glftpd in /etc/hosts.allow.

During installation through install.sh, a single administrative FTP user was created. This user has full access to glftpd's features and can only log in to the ftp service from the system itself (localhost).

ftp username: glfptd
ftp password: glftpd

To log on to the ftp service, use the ftp command. <port> is the portnumber you chose during installation (1337 in the example):

Basics

Configures if your FTP is up, down or open to admin only: (0=up, 1=admin only, !*=down, default (commented with #) is up)

# shutdown 1

The FTP long name:

sitename_long MY[:space:]SITE[:space:]NAME

The FTP short name:

sitename_short MSN

Admin E-Mail adress:

email root@127.0.0.1

The ammount of users that can be online at the same time, the first number specifies the maximum amount of users allowed to connect to the site. The second number specifies how many exempt users can connect, if the site is already full. They must have exempt flag for this to work. Exempt users take up a slot, just like everyone else, so if you have max_users 5 5, and you have 5 exempt users logged in, non-exempt users won't be able to login.

max_users 15 5

The maximum ammount of accounts that can be registered with the server:

total_users 300

Folder rights

Folder rights configure which user(s) or group(s) are allowed to perform operations (read, write, create, delete) on folders. This is usefull as it will allow you to prevent users or groups deleting files or adding files when you don't want them too.

Now, let's say we add a user called upload. We want this user to be capable of:

Creating new folders

Uploading new files and resuming uploads

Deleting his own files

We also want our siteops, or site operators, (everybody with the 1 flag, look below for explenation) to be allpowerfull everywhere. Lastly, we want our group ftpusers to be able to download from everywhere.

In this third example, any user with flag 1 is allowed to upload to dir1, dir2 and dir3. Nobody else will be allowed to upload to those locations.
user upload is allowed to upload to uploads, nobody else.

By this I hope I have made it clear that any user on the ftp has to be allowed to do anything, the default is no acess to do anything at all.

Encrypted file transfers

glFTPd allows you to require your users to log on and transfer data with encryption enabled. The installation script has created a certificate you can use, we just need to set-up who will be required to use encryption to access the server.

The certificate that was created during installation is available in /jail/glftpd/etc/ftpd-dsa.pem

Open /jail/glftpd.conf with your favorite editor and look for the following (near the top of the file):

Dupecheck

By default, glFTPd checks for double files in the FTP's directory. Based on filenames, glFTPd may reject files and deny them during upload. Disabeling this feature can be usefull. Look for the following line in /jail/glftpd.conf:

/jail/glftpd.conf

# dupecheck how many days? ignore file case like Windows?
dupe_check 7 no

And change the default value of "7" to "0":

/jail/glftpd.conf

# dupecheck how many days? ignore file case like Windows?
dupe_check 0 no

Behind a router?

If you're running the FTP daemon from behind a router, you will need to configure glftpd.conf accordingly. You will want to operate the FTP in passive mode and define a port range for passive connections. Additionally, you will need to tell glFTPd what your WAN IP is.

Adding and configuring users and groups

glFTPd's users, groups and their respective settings (such as download speed, max. connections etc.) have to be configured by use of site commands. site commands are used when already logged on to the ftp server and are interpreted by glftpd.

General tips

glFTPd's help feature and documentation is extensive and provides extremely helpful examples. For example, users can acess a list of all basic configuration commands with:

ftp> site help

if you're unsure about a command syntax, or want to know options, you can simply do:

As a final tip, any command you apply to a user can be applied to a group. This is good when wanting to apply speedlimits, connectionlimits or other options to all users in that group. In this example, we will apply a download speed limit to all users in our ftpusers group.

Transfer credits

glFTPd uses a credit system which is on by default. The credit system is simple: Uploads give you credits (at a certain ratio), Downloads cost you credits. This feature can be usefull, but isn't in most day to day ftp applications. The simpelest way to disable this system is to set the ratio to 0 for all users, or give them a high ammount of credits.

site change username ratio 0

This will set the Upload/Download ratio for that user to 0, this will effectively disable the credit system for that user. This situation referred to as "leech" in the community. Many options to configure the credit system are available, please refer to the docs for options.

Troubleshooting

System update killed glftpd

A system update may remove the glftpd line from /etc/services, to restore functionallity simply add